diff options
Diffstat (limited to 'source/lib/secdesc.c')
-rw-r--r-- | source/lib/secdesc.c | 112 |
1 files changed, 30 insertions, 82 deletions
diff --git a/source/lib/secdesc.c b/source/lib/secdesc.c index 510282bbfb0..160fdb949d2 100644 --- a/source/lib/secdesc.c +++ b/source/lib/secdesc.c @@ -154,13 +154,13 @@ SEC_DESC_BUF *sec_desc_merge(TALLOC_CTX *ctx, SEC_DESC_BUF *new_sdb, SEC_DESC_BU /* Copy over owner and group sids. There seems to be no flag for this so just check the pointer values. */ - owner_sid = new_sdb->sd->owner_sid ? new_sdb->sd->owner_sid : - old_sdb->sd->owner_sid; + owner_sid = new_sdb->sec->owner_sid ? new_sdb->sec->owner_sid : + old_sdb->sec->owner_sid; - group_sid = new_sdb->sd->group_sid ? new_sdb->sd->group_sid : - old_sdb->sd->group_sid; + group_sid = new_sdb->sec->group_sid ? new_sdb->sec->group_sid : + old_sdb->sec->group_sid; - secdesc_type = new_sdb->sd->type; + secdesc_type = new_sdb->sec->type; /* Ignore changes to the system ACL. This has the effect of making changes through the security tab audit button not sticking. @@ -172,14 +172,14 @@ SEC_DESC_BUF *sec_desc_merge(TALLOC_CTX *ctx, SEC_DESC_BUF *new_sdb, SEC_DESC_BU /* Copy across discretionary ACL */ if (secdesc_type & SEC_DESC_DACL_PRESENT) { - dacl = new_sdb->sd->dacl; + dacl = new_sdb->sec->dacl; } else { - dacl = old_sdb->sd->dacl; + dacl = old_sdb->sec->dacl; } /* Create new security descriptor from bits */ - psd = make_sec_desc(ctx, new_sdb->sd->revision, secdesc_type, + psd = make_sec_desc(ctx, new_sdb->sec->revision, secdesc_type, owner_sid, group_sid, sacl, dacl, &secdesc_size); return_sdb = make_sec_desc_buf(ctx, secdesc_size, psd); @@ -192,7 +192,7 @@ SEC_DESC_BUF *sec_desc_merge(TALLOC_CTX *ctx, SEC_DESC_BUF *new_sdb, SEC_DESC_BU ********************************************************************/ SEC_DESC *make_sec_desc(TALLOC_CTX *ctx, uint16 revision, uint16 type, - const DOM_SID *owner_sid, const DOM_SID *grp_sid, + const DOM_SID *owner_sid, const DOM_SID *group_sid, SEC_ACL *sacl, SEC_ACL *dacl, size_t *sd_size) { SEC_DESC *dst; @@ -211,21 +211,21 @@ SEC_DESC *make_sec_desc(TALLOC_CTX *ctx, uint16 revision, uint16 type, if (dacl) dst->type |= SEC_DESC_DACL_PRESENT; - dst->owner_sid = NULL; - dst->group_sid = NULL; - dst->sacl = NULL; - dst->dacl = NULL; + dst->off_owner_sid = 0; + dst->off_grp_sid = 0; + dst->off_sacl = 0; + dst->off_dacl = 0; - if(owner_sid && ((dst->owner_sid = sid_dup_talloc(dst,owner_sid)) == NULL)) + if(owner_sid && ((dst->owner_sid = sid_dup_talloc(ctx,owner_sid)) == NULL)) goto error_exit; - if(grp_sid && ((dst->group_sid = sid_dup_talloc(dst,grp_sid)) == NULL)) + if(group_sid && ((dst->group_sid = sid_dup_talloc(ctx,group_sid)) == NULL)) goto error_exit; - if(sacl && ((dst->sacl = dup_sec_acl(dst, sacl)) == NULL)) + if(sacl && ((dst->sacl = dup_sec_acl(ctx, sacl)) == NULL)) goto error_exit; - if(dacl && ((dst->dacl = dup_sec_acl(dst, dacl)) == NULL)) + if(dacl && ((dst->dacl = dup_sec_acl(ctx, dacl)) == NULL)) goto error_exit; offset = SEC_DESC_HEADER_SIZE; @@ -235,17 +235,21 @@ SEC_DESC *make_sec_desc(TALLOC_CTX *ctx, uint16 revision, uint16 type, */ if (dst->sacl != NULL) { + dst->off_sacl = offset; offset += dst->sacl->size; } if (dst->dacl != NULL) { + dst->off_dacl = offset; offset += dst->dacl->size; } if (dst->owner_sid != NULL) { + dst->off_owner_sid = offset; offset += sid_size(dst->owner_sid); } if (dst->group_sid != NULL) { + dst->off_grp_sid = offset; offset += sid_size(dst->group_sid); } @@ -275,71 +279,14 @@ SEC_DESC *dup_sec_desc(TALLOC_CTX *ctx, const SEC_DESC *src) } /******************************************************************* - Convert a secdesc into a byte stream -********************************************************************/ -NTSTATUS marshall_sec_desc(TALLOC_CTX *mem_ctx, - struct security_descriptor *secdesc, - uint8 **data, size_t *len) -{ - prs_struct ps; - - if (!prs_init(&ps, sec_desc_size(secdesc), mem_ctx, MARSHALL)) { - return NT_STATUS_NO_MEMORY; - } - - if (!sec_io_desc("security_descriptor", &secdesc, &ps, 1)) { - prs_mem_free(&ps); - return NT_STATUS_INVALID_PARAMETER; - } - - if (!(*data = (uint8 *)talloc_memdup(mem_ctx, ps.data_p, - prs_offset(&ps)))) { - prs_mem_free(&ps); - return NT_STATUS_NO_MEMORY; - } - - *len = prs_offset(&ps); - prs_mem_free(&ps); - return NT_STATUS_OK; -} - -/******************************************************************* - Parse a byte stream into a secdesc -********************************************************************/ -NTSTATUS unmarshall_sec_desc(TALLOC_CTX *mem_ctx, uint8 *data, size_t len, - struct security_descriptor **psecdesc) -{ - prs_struct ps; - struct security_descriptor *secdesc = NULL; - - if (!(secdesc = TALLOC_ZERO_P(mem_ctx, struct security_descriptor))) { - return NT_STATUS_NO_MEMORY; - } - - if (!prs_init(&ps, 0, secdesc, UNMARSHALL)) { - return NT_STATUS_NO_MEMORY; - } - - prs_give_memory(&ps, (char *)data, len, False); - - if (!sec_io_desc("security_descriptor", &secdesc, &ps, 1)) { - return NT_STATUS_INVALID_PARAMETER; - } - - prs_mem_free(&ps); - *psecdesc = secdesc; - return NT_STATUS_OK; -} - -/******************************************************************* Creates a SEC_DESC structure with typical defaults. ********************************************************************/ -SEC_DESC *make_standard_sec_desc(TALLOC_CTX *ctx, const DOM_SID *owner_sid, const DOM_SID *grp_sid, +SEC_DESC *make_standard_sec_desc(TALLOC_CTX *ctx, const DOM_SID *owner_sid, const DOM_SID *group_sid, SEC_ACL *dacl, size_t *sd_size) { return make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, - owner_sid, grp_sid, NULL, dacl, sd_size); + owner_sid, group_sid, NULL, dacl, sd_size); } /******************************************************************* @@ -354,12 +301,15 @@ SEC_DESC_BUF *make_sec_desc_buf(TALLOC_CTX *ctx, size_t len, SEC_DESC *sec_desc) return NULL; /* max buffer size (allocated size) */ - dst->sd_size = (uint32)len; + dst->max_len = (uint32)len; + dst->len = (uint32)len; - if(sec_desc && ((dst->sd = dup_sec_desc(ctx, sec_desc)) == NULL)) { + if(sec_desc && ((dst->sec = dup_sec_desc(ctx, sec_desc)) == NULL)) { return NULL; } + dst->ptr = 0x1; + return dst; } @@ -372,7 +322,7 @@ SEC_DESC_BUF *dup_sec_desc_buf(TALLOC_CTX *ctx, SEC_DESC_BUF *src) if(src == NULL) return NULL; - return make_sec_desc_buf( ctx, src->sd_size, src->sd); + return make_sec_desc_buf( ctx, src->len, src->sec); } /******************************************************************* @@ -582,9 +532,7 @@ SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr, Sets up a SEC_ACCESS structure. ********************************************************************/ -void init_sec_access(uint32 *t, uint32 mask) +void init_sec_access(SEC_ACCESS *t, uint32 mask) { *t = mask; } - - |